Like other DeFi apps, Silo Finance uses third-party services to price token assets listed in the protocol. While our markets (silos) are isolated from each other - meaning risk doesn't spread out - you still face risk in markets you provide liquidity to.
The Silo protocol cannot verify the security and precision of 3rd-party oracles.
The Silo protocol cannot detect when an oracle becomes prone to manipulation.
The Silo protocol cannot prevent an oracle from being manipulated.
Silos display risk labels to educate you about oracle risk. For your safety, only deposit liquidity in markets you trust.
Neither the protocol nor the core team can shield you from risk when an oracle is manipulated.
Oracle risk labels in the rDPX silo.
We recommend you take the following steps to assess risk:
- Conduct a research on all token assets underlying the silo you are depositing into. For example, if you're depositing $USDC to the CRV silo, ask yourself about the possibility of CRV token being exploited (infinite mint exploit for example), or the project shutting down. Consider all factors that might lead to CRV collateral losing its value resulting in to the loss of your USDC deposit.
- Check the oracles in use. If a Uniswap V3 oracle is used to price a token asset, check out the pump/dump cost on Silo Analytics to make an informed decision.
Oracles are used to:
- Determine the market value of collateral.
- Determine the market value of loans.
- Enforce over-collateralization rules to protect lenders.
Let's delve into that.
A borrower in one isolated market puts up collateral of a crypto asset to borrow another asset that has been provided by lenders. Collateral must always be larger than the loan - this is called over-collateralization and is coded in the smart contract logic.
If the value of the borrower's collateral declines to a certain level, the market's smart contract attempts to liquidate the collateral - via a 3rd-party service - to protect lenders. This ensures market's solvency.
If oracles report inaccurate prices, over-collateralization rules cannot be enforced.
- Oracle reports inflated price of a token; depositors of the value-inflated token borrow more that they should be allowed to. In this case the over-collateralization rule is compromised, and lenders likely lose their deposits.
- Oracle reports deflated price of a token; borrowers of the value-deflated token can borrow more that they should be allowed to. In this case the over-collateralization rule is compromised, and lenders likely lose their deposits.
The untold truth about oracles
All oracles can be manipulated upward or downward. It comes down to the economic cost of undertaking an attack. Read more.
In most cases it is economically prohibitive to undertake an oracle manipulation attack. This fact is usually labeled as "Oracle Resilience".
Chainlink is broadly trusted in the blockchain ecosystem. Some attribute the rise of DeFi to Chainlink oracles. Chainlink has proved its resilience in adverse market conditions.
However, Chainlink oracles can report erroneous prices sometimes. This happened during the collapse of the Terra blockchain when the LUNA price oracle at one point reported a significantly-higher price than what LUNA was trading at. The discrepancy motivated some users to purchase LUNA on the market for less and deposit it in lending markets that priced LUNA at much-higher value, giving them an inflated borrowing power that eventually led to the loss of millions of dollars.
If the LUNA crisis were to happen today, and the LUNA silo used a Chainlink price feed, only bridge-asset depositors ( i.e. ETH/XAI) depositors in the LUNA silo would suffer loses whereas depositors in other silos would not be affected.
Risk isolation is the first and last line of defense.
Uniswap V3 TWAP oracles are embedded within Uniswap liquidity pools and can be used to source the price of token assets. Because spot prices can be easily manipulated upward or downward, Silo Finance's lending markets always set the oracle window to 30 minutes to obtain a resilient TWAP.
TWAP oracles are extremely costly to manipulate, however, the cost can decrease significantly under certain conditions:
- When liquidity in a Uniswap V3 pool becomes extremely shallow;
- When liquidity in the pool is concentrated in narrow ranges (price ticks)
When enough liquidity (estimated at ~$100K total) is deposited in a Uniswap V3 pool full-range (0 to ∞), the pool's underlying oracle grows extremely resilient.
Silo Analytics provides users with pump/dump cost information to help them make a decision. Analytics report estimates only, please use it to guide your decision making only.
As a general rule, whenever the cost of pumping, or dumping, a token price becomes significantly smaller than a silo's TVL, you should avoid depositing any liquidity.
Be aware of APR traps
There might be situations where attackers inflate APRs to attract liquidity that would make attacks profitable.
In rare cases, the core team develops custom oracles that computes an asset's market value based on custom logic. We currently use two custom oracles:
gOHM uses a custom oracle that computes gOHM value based on Chainlink OHM/ETH data feed and OHM rebase index. Silo Protocol cannot verify the precision or security of the Chainlink feed or OHM rebase index.
Bear in mind that the OHM rebase index is a smart contract that is developed and maintained by the Olympus DAO. If the index reports erroneous data, there will be unknowable consequences for all users depositing in the gOHM market.
wstETH is the non-rebasing asset of stETH. The asset captures all Lido's ETH2 staking APY and therefore it increases in value over time. To calculate the price of wstETH, we use a custom oracle that computes wstETH value based on Chainlink stETH/ETH data feed and wstETH-stETH Exchange Rate.
If the conversion rate between wstETH-stETH reports erroneous value, there will be unknowable consequences for all depositors in the wstETH silo.
DIA is an oracle provider similar to Chainlink. They are broadly respected with hundreds of price feeds currently in use in multiple blockchain ecosystems. Similar to other oracle providers, the Silo lending protocol trusts DIA price feeds without having the ability to verify their security. When you are using a market that is supported by a DIA oracle, you are taking unknown risk.
We have worked with the Apostro team to develop a beta dashboard that tracks the health of our markets on Ethereum and Arbitrum. You can access the tool on the following link:
Using the tool, you can track the following information:
- N/A means the base asset in the silo, cbETH for example, doesn't use Uniswap V3 oracle.
- Pump Cost: How much it would cost an attacker to pump the price of the base asset to max in over one block. For example, the cost of pumping WBTC price is estimated at $303M.
- Dump cost means how much it would cost in dollar value to bring down the price of a token asset. For example, you can bring down the price of WBTC roughly by 50% but it would cost you $644M.
Attacks on Uniswap V3 oracles are reported under Alerts.
Historical cbETH price